(1) They guess the password to your server’s file system. This is like sitting at the computer with all the files and folders in front of you.

(2) They test servers for outdated and obsolete tools, such old versions of FTP (File Transfer Protocol). When exploited with the right signals, these tools crash and open the door to the server’s file system, leading the hacker to all of your website’s files.

(3) They gain access to your files and alter them. Just by using a browser, many hackers can find weaknesses in your website, either through a form or a back-end entry point in Wordpress, Joomla, or Drupal.

Still Think it Hasn’t Happened to You?

If the SEC, FBI, and CIA can get hacked, anyone can.

In fact, most hacks you can't even see.

Often, hackers insert malicious software into your website to attack the device being used to browse your website. When a user’s computer gets infected after loading your website, who do you think she blames? You.

The hacks you CAN see are equally disturbing.

GoDaddy was recently infested with a hack that affected thousands of websites across the US. When the hacked sites were viewed on a desktop or laptop, they looked normal, but when they were viewed on a mobile device, they redirected to porn sites!

Yikes!

Whose Job is it to Protect Your Site?

Website hacks can’t be blamed on your senior management team, your programmer, your marketing company, or even you. But in many cases, they CAN be attributed to negligence on the part of your hosting services provider.

Nevertheless, it is up to YOU to make sure your hosting services provider is proactive about keeping hackers at bay. Here’s the questionnaire I use:

(1) Is a firewall in place? If so, what is blocked?

(2) Can anyone with the right username and password access the system by FTP or SSH?

(3) How often are websites backed up/cataloged, and what is the restore procedure?

Send this list to your hosting provider right now and ask her if she’s doing these things to prevent your website from being hacked.

(Of course, this is not something that you should have to ask about. Preventing hacks is not going above and beyond—it should be the standard for all website hosts. But if it can help prevent your website from being hacked, it’s worth doing.)

If you find out that your host has weak standards, get ready to find a Molotov cocktail soaring through your window in the next 30 seconds, if not sooner. And start looking for a new hosting provider ASAP!

Stay tuned for next week’s blog post, which will cover the irreversible effects hacking can have on your business (and why you need to take action NOW).